svn merge -r 1451375:1451376 Merging from trunk to branch-2 to fix HADOOP-9336.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1451381 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
4a4b0d9402
commit
0c477e9816
|
@ -1057,7 +1057,10 @@ Release 0.23.7 - UNRELEASED
|
|||
permissions (Ivan A. Veselovsky via bobby)
|
||||
|
||||
HADOOP-9067. provide test for LocalFileSystem.reportChecksumFailure
|
||||
(Ivan A. Veselovsky via bobby)
|
||||
(Ivan A. Veselovsky via bobby)
|
||||
|
||||
HADOOP-9336. Allow UGI of current connection to be queried. (Daryn Sharp
|
||||
via kihwal)
|
||||
|
||||
OPTIMIZATIONS
|
||||
|
||||
|
|
|
@ -271,6 +271,14 @@ public abstract class Server {
|
|||
return (addr == null) ? null : addr.getHostAddress();
|
||||
}
|
||||
|
||||
/** Returns the RPC remote user when invoked inside an RPC. Note this
|
||||
* may be different than the current user if called within another doAs
|
||||
* @return connection's UGI or null if not an RPC
|
||||
*/
|
||||
public static UserGroupInformation getRemoteUser() {
|
||||
Call call = CurCall.get();
|
||||
return (call != null) ? call.connection.user : null;
|
||||
}
|
||||
|
||||
/** Return true if the invocation was through an RPC.
|
||||
*/
|
||||
|
|
|
@ -127,6 +127,7 @@ public class TestDoAsEffectiveUser {
|
|||
public static final long versionID = 1L;
|
||||
|
||||
String aMethod() throws IOException;
|
||||
String getServerRemoteUser() throws IOException;
|
||||
}
|
||||
|
||||
public class TestImpl implements TestProtocol {
|
||||
|
@ -136,6 +137,11 @@ public class TestDoAsEffectiveUser {
|
|||
return UserGroupInformation.getCurrentUser().toString();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getServerRemoteUser() throws IOException {
|
||||
return Server.getRemoteUser().toString();
|
||||
}
|
||||
|
||||
@Override
|
||||
public long getProtocolVersion(String protocol, long clientVersion)
|
||||
throws IOException {
|
||||
|
@ -149,7 +155,23 @@ public class TestDoAsEffectiveUser {
|
|||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
private void checkRemoteUgi(final Server server,
|
||||
final UserGroupInformation ugi, final Configuration conf)
|
||||
throws Exception {
|
||||
ugi.doAs(new PrivilegedExceptionAction<Void>() {
|
||||
@Override
|
||||
public Void run() throws IOException {
|
||||
proxy = RPC.getProxy(
|
||||
TestProtocol.class, TestProtocol.versionID,
|
||||
NetUtils.getConnectAddress(server), conf);
|
||||
Assert.assertEquals(ugi.toString(), proxy.aMethod());
|
||||
Assert.assertEquals(ugi.toString(), proxy.getServerRemoteUser());
|
||||
return null;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@Test(timeout=4000)
|
||||
public void testRealUserSetup() throws IOException {
|
||||
final Configuration conf = new Configuration();
|
||||
conf.setStrings(ProxyUsers
|
||||
|
@ -163,24 +185,13 @@ public class TestDoAsEffectiveUser {
|
|||
try {
|
||||
server.start();
|
||||
|
||||
final InetSocketAddress addr = NetUtils.getConnectAddress(server);
|
||||
|
||||
UserGroupInformation realUserUgi = UserGroupInformation
|
||||
.createRemoteUser(REAL_USER_NAME);
|
||||
checkRemoteUgi(server, realUserUgi, conf);
|
||||
|
||||
UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
|
||||
PROXY_USER_NAME, realUserUgi, GROUP_NAMES);
|
||||
String retVal = proxyUserUgi
|
||||
.doAs(new PrivilegedExceptionAction<String>() {
|
||||
@Override
|
||||
public String run() throws IOException {
|
||||
proxy = RPC.getProxy(TestProtocol.class,
|
||||
TestProtocol.versionID, addr, conf);
|
||||
String ret = proxy.aMethod();
|
||||
return ret;
|
||||
}
|
||||
});
|
||||
|
||||
Assert.assertEquals(PROXY_USER_NAME + " (auth:PROXY) via " + REAL_USER_NAME + " (auth:SIMPLE)", retVal);
|
||||
checkRemoteUgi(server, proxyUserUgi, conf);
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
Assert.fail();
|
||||
|
@ -192,7 +203,7 @@ public class TestDoAsEffectiveUser {
|
|||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
@Test(timeout=4000)
|
||||
public void testRealUserAuthorizationSuccess() throws IOException {
|
||||
final Configuration conf = new Configuration();
|
||||
configureSuperUserIPAddresses(conf, REAL_USER_SHORT_NAME);
|
||||
|
@ -206,25 +217,13 @@ public class TestDoAsEffectiveUser {
|
|||
try {
|
||||
server.start();
|
||||
|
||||
final InetSocketAddress addr = NetUtils.getConnectAddress(server);
|
||||
|
||||
UserGroupInformation realUserUgi = UserGroupInformation
|
||||
.createRemoteUser(REAL_USER_NAME);
|
||||
checkRemoteUgi(server, realUserUgi, conf);
|
||||
|
||||
UserGroupInformation proxyUserUgi = UserGroupInformation
|
||||
.createProxyUserForTesting(PROXY_USER_NAME, realUserUgi, GROUP_NAMES);
|
||||
String retVal = proxyUserUgi
|
||||
.doAs(new PrivilegedExceptionAction<String>() {
|
||||
@Override
|
||||
public String run() throws IOException {
|
||||
proxy = RPC.getProxy(TestProtocol.class,
|
||||
TestProtocol.versionID, addr, conf);
|
||||
String ret = proxy.aMethod();
|
||||
return ret;
|
||||
}
|
||||
});
|
||||
|
||||
Assert.assertEquals(PROXY_USER_NAME + " (auth:PROXY) via " + REAL_USER_NAME + " (auth:SIMPLE)", retVal);
|
||||
checkRemoteUgi(server, proxyUserUgi, conf);
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
Assert.fail();
|
||||
|
|
Loading…
Reference in New Issue